Noora Hammar 

Deleted (or "deactivated" as Twitter calls it) my account on Twitter a month ago or so.

Then received an email from Twatter (yes intentional) about them turning off the two-factor authentication for my account, which is fine since I'm getting the f* outta there.

BUT. Yes, there's a but...

As the deactivation process -according to their instructions online -takes 30 days, that means my account would be left vulnerable for those 30 days.

So decided to leave my account there for security reasons. Not posting anything or being active there no longer. Afterwards heard many ppl did the same thing by leaving their Twitter account there but just as a placeholder to avoid any account misuse.

So I guess there are probably many accounts left, not actively being used but staying on the platform for security reasons. And this ofc fabricates the number of Twitter accounts since WE CANNOT DELETE OUR TWITTER ACCOUNTS SECURELY! 🤯😠

#twittersecurity #twofactorauthentication #2fa #twittersucks #twittermigrant

Jan 8, 2023 at 7:01amWeb
Show threadNoora Hammar Jan 8, 2023

A few more thoughts: if someone has followed through Twitter's account deactivation process, would be interesting to hear about it. Especially about the process really taking the stated 30 days.

If Twitter's interest in user account security is already at this level, are they really gonna follow through the 30 day deactivation process or are some account deactivation requests been "forgotten", forcing these users to enable the 2FA again?

Show threadLassiJan 8, 2023
@H4mNo What would technically be the most secure way to delete it concerning this current process? Changing ridicilously long (and unique of course) password during that 30-day spell?
Show threadNoora Hammar Jan 8, 2023

@L4UNO imho the ridic [long and unique] password would be the only string that separates the account from being totally unsecure, left vulnerable for possible misuse. Nothing else. But as cyber criminals' tacticts, skills and tools are constantly being develop further, evolving as we speak, there's no 100% guarantee about something being or working 100% securely. Thus decided to keep the security in my own hands to some extent by keeping yet another layer of security enabled. So choosing to keep my account there as idle, until the ridic process will be fixed -something which I highly doubt will happen.

I personally don't feel comfortable enough to leave my account hanging from just one password without any other layer of security, no matter how strong the password is.

The more I think about it, it starts to mold in my head into something Twitter would intentiolly do as a part of their business model to make

A) Users stay on the platform
B) Keep the number of user accounts seem more 🤔

Show threadturumoreJan 8, 2023
@H4mNo As far as account retention methods go, this is by far the most ick-inducing to me. "Oh you're leaving? Let us turn off important safety features.." 
Show threadNoora Hammar Jan 8, 2023
@turumore yeah, exactly. Revenge for leaving.